hotfix: #89 care 정보 소유 검사

src/main/java/com/kcy/fitapet/domain/care/api/CareApi.java

@@ -9,6 +9,7 @@
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.Parameter;
 import io.swagger.v3.oas.annotations.Parameters;
+import io.swagger.v3.oas.annotations.enums.ParameterIn;
 import io.swagger.v3.oas.annotations.tags.Tag;
 import jakarta.validation.Valid;
 import lombok.RequiredArgsConstructor;
@@ -25,65 +26,51 @@
 @Tag(name = "Care", description = "케어 API")
 @Slf4j
 @RestController
-@RequestMapping("/api/v2/users/{user_id}/pets/{pet_id}/cares")
+@RequestMapping("/api/v2/pets/{pet_id}/cares")
 @RequiredArgsConstructor
 public class CareApi {
     private final CareManageService careManageService;
 
     @Operation(summary = "케어 등록")
-    @Parameters({
-            @Parameter(name = "user_id", description = "등록할 유저 ID", required = true),
-            @Parameter(name = "pet_id", description = "등록할 반려동물 ID", required = true)
-    })
+    @Parameter(name = "pet_id", description = "등록할 반려동물 ID", in = ParameterIn.PATH, required = true)
     @PostMapping("")
-    @PreAuthorize("isAuthenticated() and #userId == principal.userId and @managerAuthorize.isManager(principal.userId, #petId)")
+    @PreAuthorize("isAuthenticated() and @managerAuthorize.isManager(principal.userId, #petId)")
     public ResponseEntity<?> saveCare(
-            @PathVariable("user_id") Long userId,
             @PathVariable("pet_id") Long petId,
             @RequestBody @Valid CareSaveReq.Request request,
             @AuthenticationPrincipal CustomUserDetails user
-            ) {
+    ) {
         careManageService.saveCare(user.getUserId(), petId, request);
-
         return ResponseEntity.ok(SuccessResponse.noContent());
     }
 
     @Operation(summary = "케어 목록 조회")
-    @Parameters({
-            @Parameter(name = "user_id", description = "등록할 유저 ID", required = true),
-            @Parameter(name = "pet_id", description = "등록할 반려동물 ID", required = true)
-    })
+    @Parameter(name = "pet_id", description = "등록할 반려동물 ID", in = ParameterIn.PATH, required = true)
     @GetMapping("")
-    @PreAuthorize("isAuthenticated() and #userId == principal.userId and @managerAuthorize.isManager(principal.userId, #petId)")
-    public ResponseEntity<?> getCares(
-            @PathVariable("user_id") Long userId,
-            @PathVariable("pet_id") Long petId
-    ) {
+    @PreAuthorize("isAuthenticated() and @managerAuthorize.isManager(principal.userId, #petId)")
+    public ResponseEntity<?> getCares(@PathVariable("pet_id") Long petId) {
         CareInfoRes res = careManageService.findCaresByPetId(petId);
         return ResponseEntity.ok(SuccessResponse.from("careCategories", res.getInfo()));
     }
 
     @Operation(summary = "작성한 케어 카테고리 목록 조회")
     @GetMapping("/categories")
-    @PreAuthorize("isAuthenticated() and #userId == principal.userId and @managerAuthorize.isManager(principal.userId, #petId)")
-    public ResponseEntity<?> getCareCategoryNames(
-            @PathVariable("user_id") Long userId,
-            @PathVariable("pet_id") Long petId
-    ) {
+    @PreAuthorize("isAuthenticated() and @managerAuthorize.isManager(principal.userId, #petId)")
+    public ResponseEntity<?> getCareCategoryNames(@PathVariable("pet_id") Long petId) {
         List<?> careCategories = careManageService.findCareCategoryNamesByPetId(petId);
         return ResponseEntity.ok(SuccessResponse.from("careCategories", careCategories));
     }
 
     @Operation(summary = "케어 수행")
     @GetMapping("/{care_id}/care-dates/{care_date_id}")
-    @PreAuthorize("isAuthenticated() and #userId == principal.userId and @managerAuthorize.isManager(principal.userId, #petId)") // TODO: careDate가 care에 속하는 지 확인
+    @PreAuthorize("isAuthenticated() and @managerAuthorize.isManager(principal.userId, #petId) and @careAuthorize.isValidCareAndCareDate(#petId, #careId, #careDateId)")
     public ResponseEntity<?> doCare(
-            @PathVariable("user_id") Long userId,
             @PathVariable("pet_id") Long petId,
             @PathVariable("care_id") Long careId,
-            @PathVariable("care_date_id") Long careDateId
+            @PathVariable("care_date_id") Long careDateId,
+            @AuthenticationPrincipal CustomUserDetails user
     ) {
-        CareLogInfo careLog = careManageService.doCare(careDateId, userId);
+        CareLogInfo careLog = careManageService.doCare(careDateId, user.getUserId());
         return ResponseEntity.ok(SuccessResponse.from(careLog));
     }
 }

src/main/java/com/kcy/fitapet/domain/care/dao/CareDateQueryDslRepository.java

@@ -0,0 +1,4 @@
+package com.kcy.fitapet.domain.care.dao;
+
+public interface CareDateQueryDslRepository {
+}

src/main/java/com/kcy/fitapet/domain/care/dao/CareDateQueryDslRepositoryImpl.java

@@ -0,0 +1,16 @@
+package com.kcy.fitapet.domain.care.dao;
+
+import com.kcy.fitapet.domain.care.domain.QCare;
+import com.kcy.fitapet.domain.care.domain.QCareDate;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.stereotype.Repository;
+
+@Repository
+@RequiredArgsConstructor
+@Slf4j
+public class CareDateQueryDslRepositoryImpl implements CareDateQueryDslRepository {
+    private final QCare care = QCare.care;
+    private final QCareDate careDate = QCareDate.careDate;
+
+}

src/main/java/com/kcy/fitapet/domain/care/dao/CareDateRepository.java

@@ -8,4 +8,5 @@
 
 public interface CareDateRepository extends ExtendedJpaRepository<CareDate, Long> {
     List<CareDate> findAllByCare_IdAndWeek(Long careId, WeekType week);
+    boolean existsByIdAndCare_Id(Long careDateId, Long careId);
 }

src/main/java/com/kcy/fitapet/domain/care/dao/CareQueryDslRepository.java

@@ -0,0 +1,5 @@
+package com.kcy.fitapet.domain.care.dao;
+
+public interface CareQueryDslRepository {
+    boolean isValidCare(Long petId, Long careId);
+}

src/main/java/com/kcy/fitapet/domain/care/dao/CareQueryDslRepositoryImpl.java

@@ -0,0 +1,31 @@
+package com.kcy.fitapet.domain.care.dao;
+
+import com.kcy.fitapet.domain.care.domain.QCare;
+import com.kcy.fitapet.domain.care.domain.QCareCategory;
+import com.kcy.fitapet.domain.pet.domain.QPet;
+import com.querydsl.jpa.impl.JPAQueryFactory;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.stereotype.Repository;
+
+import static com.querydsl.core.types.dsl.Expressions.constant;
+
+@Repository
+@Slf4j
+@RequiredArgsConstructor
+public class CareQueryDslRepositoryImpl implements CareQueryDslRepository {
+    private final JPAQueryFactory queryFactory;
+    private final QPet pet = QPet.pet;
+    private final QCareCategory careCategory = QCareCategory.careCategory;
+    private final QCare care = QCare.care;
+
+    public boolean isValidCare(Long petId, Long careId) {
+        return queryFactory
+                .select(constant(1))
+                .from(pet)
+                .leftJoin(careCategory).on(careCategory.pet.id.eq(pet.id))
+                .leftJoin(care).on(care.careCategory.id.eq(careCategory.id))
+                .where(pet.id.eq(petId).and(care.id.eq(careId)))
+                .fetchOne() != null;
+    }
+}

src/main/java/com/kcy/fitapet/domain/care/dao/CareRepository.java

@@ -2,6 +2,8 @@
 
 import com.kcy.fitapet.domain.care.domain.Care;
 import com.kcy.fitapet.global.common.repository.ExtendedJpaRepository;
+import com.kcy.fitapet.global.common.repository.ExtendedRepository;
+
+public interface CareRepository extends ExtendedRepository<Care, Long>, CareQueryDslRepository {
 
-public interface CareRepository extends ExtendedJpaRepository<Care, Long> {
 }

src/main/java/com/kcy/fitapet/domain/pet/api/PetApi.java

@@ -74,6 +74,4 @@ public ResponseEntity<?> checkCategoryExist(@PathVariable("user_id") Long userId
         List<?> result = petManageService.checkCategoryExist(userId, request.categoryName(), request.pets());
         return ResponseEntity.ok(SuccessResponse.from("categories", result));
     }
-
-
 }

src/main/java/com/kcy/fitapet/global/common/security/authorization/CareAuthorize.java

@@ -0,0 +1,27 @@
+package com.kcy.fitapet.global.common.security.authorization;
+
+import com.kcy.fitapet.domain.care.dao.CareDateRepository;
+import com.kcy.fitapet.domain.care.dao.CareRepository;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.stereotype.Component;
+
+@Component("careAuthorize")
+@RequiredArgsConstructor
+@Slf4j
+public class CareAuthorize {
+    private final CareRepository careRepository;
+    private final CareDateRepository careDateRepository;
+
+    public boolean isValidCare(Long petId, Long careId) {
+        return careRepository.isValidCare(petId, careId);
+    }
+
+    public boolean isValidCareAndCareDate(Long petId, Long careId, Long careDateId) {
+        return isValidCare(petId, careId) && isValidCareDate(careId, careDateId);
+    }
+
+    private boolean isValidCareDate(Long careId, Long careDateId) {
+        return careDateRepository.existsByIdAndCare_Id(careDateId, careId);
+    }
+}